OpenBSD Journal

Pcap/Tcpdump Trojan: OpenBSD Unaffected

Contributed by jose on from the secure dept.

This morning Slashdot ran a story about how Tcpdump.org was compromised and the distributions for Pcap and Tcpdump were trojanned. I have been talking to some people this morning and there appears to be some confusion among some OpenBSD users.

OpenBSD is not affected. Not at all. This is for two reasons. The first is that Pcap and Tcpdump are brought in only periodically and after a thorough code review. Many eyes have read the code, including Espie, Itojun, Provos, and others. Secondly, OpenBSD rolls its own build system (for pcap and tcpdump). The trojan affected the configure script and was activated at build time.

If you are building tools which use pcap (such as Snort in ports) you're most likely using the system's pcap. As such, you don't need to download the pcap distribution and are not downloading a trojanned archive.



Comments
  1. By Anonymous Coward () on

    It's nice to see the patience and time-consuming effort the developers endure shed its fruit.

    Thank you for the great operating system.

    Comments
    1. By Anonymous Coward () on

      nt

    2. By mi3o () on

  2. By Anonymous Coward () on

    Deja vu ;-)
